Pen Testing Tools The Pros Use
What is pen testing?
Penetration testing is a test performed by professional hackers to find out whether a system is vulnerable to attack before real attackers do. In other words, it shows whether the tested system's defenses were sufficient and which defenses the test overcame. The majority of professional hackers use a specific set of tools to complete the job.
HWN recently talked to security pros and asked them about their most-used tools. The tools listed below are the ones they use day to day; some of them require a license, but most are free.
>_ Nmap
Network Mapper (Nmap) was first released 20 years ago. It is a security scanner with capabilities ranging from network probing to OS detection and spoofing, and its features are extensible through scripts that provide more sophisticated service detection, vulnerability detection, etc.
>_ Aircrack-ng
Aircrack-ng is another well-known, day-to-day suite of tools for assessing WiFi networks. Its focus is on monitoring (packet capture and export of data to text files), attacking (replay attacks, deauthentication, fake access points and others via packet injection), testing (checking WiFi cards and driver capabilities), and cracking (WEP and WPA PSK). Aircrack-ng is a fork of the original Aircrack project.
>_ Wifiphisher
Wifiphisher is an effective access point tool for Linux that enables automated phishing attacks against WiFi networks, either to harvest credentials or to carry out an actual infection. Detailed documentation is available on the Wifiphisher website.
>_ Burp Suite
Burp is a graphical tool written in Java for testing web application security. The free version is limited, but the paid version offers a set of advanced solutions for web application security checks.
>_ OWASP ZAP
>_ CME (CrackMapExec)
>_ BeEF (Browser Exploitation Framework)
>_ Immunity Inc. – Debugger
>_ Social Engineer Toolkit (SET)
>_ Penetration Testing Tools Cheat Sheet